Add an (off by default) check for negative permissions (where the

group on a object has less permissions that everyone). These permissions will not work reliably over NFS if you have more than 14 supplemental groups and are usually not what you mean. MFC after: 1 week
author: brooks <brooks@FreeBSD.org> 2010-11-13 00:40:43 +0000
committer: brooks <brooks@FreeBSD.org> 2010-11-13 00:40:43 +0000
commit: 479b7f42883a475385c5a0203d82972be32f2bdb (patch)
tree: 1af23fa60f8e4b198022f866236556ba866c040d /etc/defaults
parent: 7b0aabca30b272cae8800569e8681db7f9b58c0d (diff)
download: FreeBSD-src-479b7f42883a475385c5a0203d82972be32f2bdb.zip
FreeBSD-src-479b7f42883a475385c5a0203d82972be32f2bdb.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index 8267ac7..29e3b00 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -160,6 +160,9 @@ daily_status_security_diff_flags="-b -u"		# flags for diff output
 # 100.chksetuid
 daily_status_security_chksetuid_enable="YES"
 
+# 110.neggrpperm
+daily_status_security_neggrpperm_enable="NO"
+
 # 200.chkmounts
 daily_status_security_chkmounts_enable="YES"
 #daily_status_security_chkmounts_ignore="^amd:"		# Don't check matching
author	brooks <brooks@FreeBSD.org>	2010-11-13 00:40:43 +0000
committer	brooks <brooks@FreeBSD.org>	2010-11-13 00:40:43 +0000
commit	479b7f42883a475385c5a0203d82972be32f2bdb (patch)
tree	1af23fa60f8e4b198022f866236556ba866c040d /etc/defaults
parent	7b0aabca30b272cae8800569e8681db7f9b58c0d (diff)
download	FreeBSD-src-479b7f42883a475385c5a0203d82972be32f2bdb.zip FreeBSD-src-479b7f42883a475385c5a0203d82972be32f2bdb.tar.gz